Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023
Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Update – Windows Utility Regsvr32 Targeted by Cybercriminals – Active IOCs
February 10, 2022Rewterz Threat Advisory – ICS: Multiple Siemens SIMATIC Vulnerabilities
February 11, 2022
Severity
High
Analysis Summary
Linux environments are considered safer and more secure than windows environments. For the accessibility and security reasons, cloud services, container-based infrastructure, and Virtual Machines (VMs) are developed in Linux environments. Considering this, threat actors have started targeting Linux vulnerabilities and with sophisticated malware. As predicted by Rewterz Threat Intel Report, Ransomware has increased exponentially this year (although it just the Q1 of 2022). Ransomware groups are targeting Linux hosts to infect virtual-machine containers or images. Cobalt Strike, is a legitimate Pen test (penetration testing) toolkit that deploys “beacons” on infected devices to perform malicious behaviors. It is commonly used in ransomware attacks. The tool has become a way to manage compromised machines. So much so that Linux based versions of the tool which are protocol-compatible versions have been developed and deployed.
“Most research has been focused on the Windows side, but we are now seeing an increase in attacks on the Linux side and especially against multicloud infrastructure,” Threat Analyst from VMware says. “Most of the cases we see involve misconfiguration at the hypervisor level or, at the server level, shared accounts, shared passwords, and poorly configured role-based access controls.”
“The main attack surface area is still stolen credentials, which has the advantage that it takes a longer time to understand that a compromise has happened,” he says. “The login could seem absolutely normal and an attacker gets access to resources, but it’s not until things start going in the wrong direction that the breach is actually identified.”
Impact
- Exposure of Sensitive Data
- Remote Code Execution
- Gain Access
- Cyber Espionage
- Data Theft
Indicators of Compromise
URL
- http[:]//foxofeli[.]com[:]443/template[.]css
- https[:]//foxofeli[.]com/template[.]css
- https[:]//theshuaianow[.]xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- https[:]//dev[.]cubic-transportation[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
- https[:]//168[.]61[.]180[.]98/updates[.]rss
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Search for IOCs in your environment.